Comment by bluGill 3 months ago

47 replies

At least he got a response. Meaning the address didn't change mostly.

A few years back I worked on an embedded Linux project. For our first "alpha" release one of the testers read through the license agreement (as opposed to scrolling past all that legalese like most people do) and found the address to write to to get all the GPL source. He then sent a letter to the address and it was returned to sender, invalid address. Somehow the lawyers found out about this and they forced us to do a full recall, sending techs to each machine to install an update (the testers installed the original software and were expected to apply updates, but we still had to send someone to install this update and track that everyone got it). Lawyers want to show good faith in courts - they consider it inevitable that someone will violate the GPL and are hoping that by showing good faith attempts to follow the letter and spirit the court won't force releasing our code when a "rogue employee" manages to violate the license.

The more important takeaway is if your automated test process doesn't send letters to your GPL compliance address to verify it works then you need manual testers: not only are you not testing everything, but you didn't even think of everything so you need the assurance of humans looking for something "funny".

AlbinoDrought 3 months ago

The Free Software Foundation closed their office at 51 Franklin St in August 2024 [1]. Their new mailing address is on 31 Milk Street [2].

If this test was reproduced today, we may see different results ;)

[1]: https://www.fsf.org/blogs/community/fsf-office-closing-party

[2]: https://www.fsf.org/about/contact/mailing

  • dunham 3 months ago

    That's recent enough that mail forwarding should work, if they set it up:

    > Standard mail forwarding lasts 12 months. You can pay to extend mail forwarding for 6, 12, or 18 more months (18 months is the maximum).

    Edit for source: https://www.usps.com/manage/forward.htm

    • giancarlostoro 3 months ago

      > > Standard mail forwarding lasts 12 months. You can pay to extend mail forwarding for 6, 12, or 18 more months (18 months is the maximum).

      That's kind of awkward when you consider people will find that address for source code where that license file just won't be updated for decades to come, if at all.

      • 1oooqooq 3 months ago

        since this is hacker news... i once had some trouble changing mail address from one supplier (they would send the materials to the new address, but insisted on sending billing/tax info to the old one) so i did the mail forward process some three times + their extensions (i recall it was 6 + 3mo or so)... it got me close to 3 yrs of reliable mail forward from the great folks at usps until i could get thru the supplier personnel thick skull.

        the only issue "redoing" the request is that people at the old address can block it, so be sure to talk to them first.

  • twic 3 months ago

    This test isn't about writing to the FSF, it's about writing to the vendor who supplied the software.

diggan 3 months ago

An updated version would say to make sure every email address you use/show in the application/terms/policies is usable and someone receives it.

When reviewing stuff that introduces new emails and whatnot I always spend 10-20 seconds sending an email with "Please respond if you see this" to verify it actually works and someone receives it, as I've experienced more than once that no one actually set up the email before deploying the changes that will show the email to users.

ahtihn 3 months ago

> court won't force releasing our code when a "rogue employee" manages to violate the license.

Is this an actual, real risk? Has a court ever forced anyone to release their code because they were violating the GPL?

My understanding is that this is not how this works. If you violate the license you simply don't have a valid one and are basically committing copyright infringement. The punishment for that isn't being forced to comply with the license, it's having to pay damages to the copyright owner.

Showing good faith doesn't really change the end result: you're using code that you don't have a license to. The only fix is to start complying or stop selling your software until you remove the code you don't have a license to use.

  • bluGill 3 months ago

    Not that I'm aware of. NeXT however did release Objective-C source code, but AFAIK that never went to court (anyone able to find those details - I can't find them now).

    The text of the GPL is release source code. There are a few people who want release source code to be the only way out of any infringement. If a company intentionally violates the GPL that starts to look like a reasonable argument to courts. However if a company takes "enough" effort to not infringe and does anyway a smaller penalty would apply.

    If you don't have a license and distributed software, then that is a copyright violation and the author is entitled to damages. Exactly what those are is something the court figures out. However one important piece of evidence is the license was release your source code. Thus lawyers want that additional cover of we knew and decided not to use GPL code, and there are the steps we took to ensure we didn't: since we took effort you shouldn't apply that extreme penalty.

    I do know that good faith in other areas has made a difference. Companies have been caught bribing foreign officials before - which is a shut down the company level event (many countries have laws that if you bribe a government anywhere, not just in their country). However because the company could show they made good faith efforts to ensure everyone knew not to bribe this was just the act of a rogue employee.

    How real is it? Hard to say. Good lawyers will tell you that putting in some effort to ensure you don't infringe is cheap protection even if the risk is low.

chasd00 3 months ago

Reminds me of this old joke. Two testers walk into a bar, the first says "I'll have a beer please" and they get their beer as expected. The second says "I just want water" and they get the water just like they asked. Then a user walks into the bar and asks "where's the bathroom?". The bar explodes.

terinjokes 3 months ago

Why should the test process be sending physical letters (edit: in 2025)? Nothing in the GPLv2 requires a physical letter.

The address the OP sent a letter to has already been removed from the canonical version of the license (and was itself an unversioned change from the original address), and section 3 doesn't require a physical offer if the machine-readable source code is provided.

  • ndiddy 3 months ago

    Some companies still do this mainly to make the GPL request process more annoying so fewer people do it. If you have to mail a letter with a check to cover shipping/handling and wait for the company to send you a CD-R with the code on it, fewer people will look at the code compared to if the company just put it on GitHub or something.

    • terinjokes 3 months ago

      If the goal is to be annoying, sure make sure folks can jump through hoops. I just don't think in 2025 a company legitimately intending to satisfy the GPL requirements needs anything to do with physical mail, since they'll provide it online.

      I stopped putting in requests for source code offers because I've had a 0% success rate.

      • immibis 3 months ago

        Companies don't legitimately intend to satisfy the GPL requirements.

        If you put in a source code request and get no reply you should try to contact the copyright holder or someone like the Software Freedom Conservancy or the EFF, because they are breaking the law. There was a case recently in Germany where a court forced a maker of home routers to give up not just their source code, but also the scripts to install modified software - as required by the license. (As I understand it there is no precedent in a civil law system, but it does mean at least one judge believes Tivoization of GPLv2 software is illegal)

    • foxglacier 3 months ago

      I offer GPL source via physical address because I don't want to distribute it with the software and I think the GPL said you have to do it that way. I also provide an email address for convenience but without it being the official way so I don't really have to respond to those. In 10 years, I've had zero requests either way.

      • adastra22 3 months ago

        Why do you distribute under GPL if you don’t want to distribute the source?

    • bluGill 3 months ago

      Most of the time the GPL request is a waste of time with no purpose other than annoy a company. You can download Linux source code from many places, why do you want to get it from us?

      There is a slight possibility we have a driver that you could get access to, but without the hardware it won't do you any good. Once in a while we have hacked the source to fix a bug, but if it isn't upstream it is because the fix would be accepted (often it causes other bugs that don't matter to us), and in any case if it isn't upstream, the kernel moves so fast you wouldn't be able to use it anyway.

      • immibis 3 months ago

        There's actually a near-100% chance that the kernel on my device is not the upstream kernel. There's a near-100% chance that you have added some custom drivers or got them from your upstream. There's also a near-100% chance that you have written some scripts to install the kernel on the device, which you are required (at least one German judge thinks so) to share with me so that I can install a modified kernel on my device.

      • ndiddy 3 months ago

        Again I see no purpose in doing things this way besides trying to minimize the amount of people who look at your GPL code for some reason. Isn't it more annoying for the company to make someone in customer support read paper letters, burn the GPL package onto a CD-R, and mail it than it is to simply host the GPL package for each product on a support site or GitHub or something and include a link in the product documentation?

        • ack_complete 3 months ago

          There's definitely a purpose, it's to obfuscate usage of GPL software and dodgy linkage. There's no other reason for situations like hosting a binary download as a plain download on a website while getting the source requires mailing a check or money order to a UK address.

      • regentbowerbird 3 months ago

        You only have to serve those requests if you distribute your changes yourself.

        So presumably as a hardware company you'd be offering your hardware with your custom Linux installed, and then people wanting to audit or hack the product they bought would request the code from you.